Product Security Engineer (Application Security)
- Bengaluru
Jeśli otrzymałeś tę ofertę pracy od naszych rekruterów, zapoznaj się z naszą Polityką prywatności.
Project overview
Team
Position overview
The ideal candidate will be able to balance hands-on security work with strong communication and stakeholder engagement, while operating with a high degree of autonomy.
Technology stack
Responsibilities
- Act as a security advocate for product owners and engineering teams
- Perform web, backend, and mobile security assessments
- Orchestrate and coordinate security testing activities including penetration testing
- Participate in architecture and design discussions to ensure security is embedded from the start
- Conduct threat modelling for new and existing features
- Support and improve secure development practices across engineering teams
- Integrate and enhance security tooling within CI/CD pipelines
- Ensure adherence to Secure Development Lifecycle (SDLC) practices
- Triaging findings from tools, bug bounty programs, and security reports
- Provide guidance on secure coding practices and vulnerability remediation
- Balance security requirements with engineering productivity
- Collaborate with internal teams and external vendors on security initiatives
- Additional responsibilities aligned to project needs:
- Manage and reduce security backlog (e.g., reviews, threat models, pentest coordination)
- Prevent backlog accumulation by efficiently handling incoming security requests
- Correlate findings across multiple security tools and prioritize remediation efforts
- Act as a security point of contact for specific product domains
- Coordinate with external vendors for security testing and assessments
- Provide practical and implementable security recommendations
- Quickly onboard and contribute with minimal ramp-up in a fast-paced environment
Requirements
- Experience in application security or product security roles
- Hands-on experience with offensive security testing (e.g., Burp Suite, Nmap, Kali Linux)
- Strong understanding of web and/or mobile security
- Experience working with cloud-native applications (preferably AWS).
- Solid knowledge of networking and operating systems
- Experience with threat modelling and secure design practices
- Basic programming knowledge (Python, JavaScript, Go, or similar)
- Ability to identify and remediate common vulnerabilities (e.g., SQL injection, XSS)
- Experience advising engineering teams on secure coding practices
- Basic understanding of cloud environments and infrastructure concepts
Nice to have
- Understanding of distributed systems security and service-to-service communication risks
- Familiarity with Kubernetes environments (no deep expertise required)
- Ability to prioritize vulnerabilities and reduce noise from security tools
- Strong stakeholder management and communication skills
- Ability to work independently and take ownership of responsibilities
Looking for Similar Opportunities?

Co oferujemy
Dni wolne
Zgodne z lokalnym prawem
Dbamy o Twoje zdrowie
Zapewniamy szeroki wachlarz usług w ramach prywatnego ubezpieczenia medycznego
Płatne chorobowe
Zgodnie z lokalnym prawem
Wakacje i specjalne dni wolne
Zgodnie z oficjalnym kalendarzem, niezależnie od kalendarza klienta
Komfortowe warunki pracy
Elastyczny czas pracy oraz pomoc w wyposażeniu komfortowego miejsca pracy
Wewnętrzna platforma edukacyjna
Dostęp do profesjonalnych kursów i szkoleń
Wewnętrzne kursy języka angielskiego
Firmowe szkolenia z wysoko wykwalifikowanymi nauczycielami
